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ABSTRACT 


Background: This research outlines the problems faced by users of the availability of medical documents which may vary in 
terms of having no softcopy, loss of hardcopy due to inefficient storage by the medical practitioners or failure to prepare a copy 
of their medical documents beforehand. Medical documents may also present an inconvenience to users whereby certain pro- 
cedures will require a certain amount of time to prepare with a minimal amount of fees taken for medical practitioners to prepare 
the medical documents for their patients when requested. 





Purpose: Hence, this study serves as documentation for a solution to increasing the availability of medical documents through 
Secure MedRecord. It is a system designed to allow patients to carry a softcopy of their medical documents with them at all 
times. This is done by allowing patients to access their medical documents via a web application containing the softcopy version 
of the medical documents. 


Results: The web application serves as a platform which allows medical practitioners to manage their patients’ medical docu- 
ments to allow for the patient to obtain a copy of the document for viewing purposes. This improves medical document availability 
together with providing efficient medical document processing and storage for disaster recovery purposes. 


Key Words: Electronic Health Records, Privacy, Security, Healthcare, Medical Records 


INTRODUCTION and associations’. However, this concept has yet to be fully 
idealized in other parts of the world. 





Secure MedRecord is a web application aim to serve users 
to conveniently access their medical documents on their de- 
vices. Medical documents consist of a patient’s medical in- 
formation which 1s used to provide a detailed medical history 
of the patient for medical practitioners to properly diagnose 
and give proper treatments needed to their patient. A medical 
record consists of various notes taken over time by the medi- 
cal professionals consisting of observations, administration 
of drugs and therapies, test results, reports, x-ray and more. 
Hence, the maintenance of accurate and complete medical 
records is a vital requirement for health care’. 


Medical records are an important document in which the ab- 
sence of the document will lead to patients unable to receive 
their continuation of proper care or treatment. However, with 
recent technological advance, the absence of the document 
is reduced drastically. The availability of the medical docu- 
ments may vary in terms of when the patient is travelling 
overseas and has failed to bring or prepare their medical 
documents beforehand. Other than that, it can sometimes 
be troubling to obtain the medical documents when there is 
a plan to switch clinics/hospital due to certain procedures 


7 l which will require a certain amount of time and a minimal 
Medical documents have been traditionally compiled and mount of fees. 


maintained by the healthcare providers of patients with ad- 


vances in technology leading to online data storage or elec- ~ . . 
tronic health records (EHR). This at the same time has led tioner side can also surface from the processing of these doc- 


to developments of personal health record (PHR) concept Uments. This is due to the use of Payee medium to keep 
which is supported by the US national health administrations records. This manual method presents itself with a few chal- 











On the side note, inefficiency towards the medical practi- 


Corresponding Author: 


Dr. Julia Binti Juremi, School of Computing, Asia Pacific University of Technology & Innovation, Kuala Lumpur, Malaysia. 

Email: dr.juremi@apu.edu.my 

ISSN: 2231-2196 (Print) ISSN: 0975-5241 (Online) 

Received: 18.06.2020 Revised: 23.07.2020 Accepted: 19.08.2020 Published: 08.09.2020 





Blatant N N E Se ———————— 
Int J Cur Res Rev | Vol 12 + Issue 17 » September 2020 


Kelvin et al.: Secure MedRecord — your medical record, in your pocket 


lenges such as the lack of security towards the information, 
inaccessibility to the health record when a file 1s a misplaced 
or poor communication between health care providers results 
to the inaccuracy of medical data'. As a result, there is an 
increase in work burden due to the inefficiency of a manual 
medical record system. More challenges arise when there is 
an improper organization of medical records which may lead 
to no assurance in medical information backup which may 
lead to not being able to access a patient’s medical history’. 





This system targets user groups of the general public and 
clinical user groups such as the medical practitioners, nurses 
and clinic staffs. As it is a web application, the clinical user 
groups would need to register for an account in the web ap- 
plication to be connected with their patients and store their 
data. An admin which manages Secure MedRecord will the 
verifies the authenticity of the clinical user groups via their 
uploaded certifications. Next, the general public will be able 
to register an account through their web browsers on either 
their personal computers or mobile devices to then access 
their medical documents online after being connected with 
their selected clinic. Users are then enabled to access the in- 
formation contained within their medical document with the 
determined user access privileges'. 











As the nature of the challenge is specified, the challenges 
predicted to be faced by the developer is to develop a user- 
friendly user interface to allow efficient usage of the elec- 
tronic health system in the hands of the patients and medical 
staffs. Each user will have different knowledge in Informa- 
tion Technology hence the challenge will be to keep the in- 
terface as simple as possible to be used by all ages of the 
target users. Next, as the nature of the system is focused pri- 
marily on healthcare, it is utmost important to ensure that 
system security is taken into consideration. Patients’ health 
information is confidential and thus the data which is used in 
the system needs to be protected based on the security triad 
model. Implementing security features into the system will 
be a challenge as there will be a need to understand the types 
of attack which may happen to the system, the concepts of 
different methods of implementing the security features and 
how the system could be misused by the users. 





This research aims to develop a web application which ena- 
bles for a convenient, safe and efficient method to access 
and manage medical documents such as the medical records 
and reports. 


Objectives 
e To identify the basic concepts of medical documents 
used in the medical industries to facilitate a profes- 
sional and efficient web application to serve patients 
effectively. 
e To utilize cybersecurity knowledge and system to de- 
velop a secure web application. 


e To ensure confidentiality by providing authorization 
of the medical documents with proper authentication 
such as 2-factor authentication and Recaptcha. 

e To incorporate encryption into the web application to 
provide confidentiality by encrypting sensitive data. 

e To ensure the integrity of the passwords by using hash 
functions to obtain hash values of the passwords used 
by users of Secure MedRecord. 

e To incorporate watermarking or database logs into the 
web application to improve the integrity of the medi- 
cal documents. 

e To ensure the availability of the medical documents in 
softcopy format within the web application by deploy- 
ing the application to the cloud environment. 


Literature Review 

The current situation and experience of Electronic Health 
Record (EHR) in Primary Medical Institutions 7°. It is found 
that a nationwide realization of EHR which is shared with re- 
gional health information network would allow for a saving 
of $78 billion in annual medical expenses which accounts in 
4% of a total medical and health expenditure undergone by 
the United States. The research in EHR has begun in many 
western developed countries to help solve the inefficiencies 
and high cost which 1s brought by the growth of medical and 
health systems. Presently, many countries are focusing on 
basic research of EHR. However, it has yet been carried out 
for large-scale development and adoption of the system”. In 
terms of contents and characteristics of an EHR, the inclu- 
sion of personal information which includes basic informa- 
tion like name, sex, history, family history and other basic 
health history are relevant. Next, the physical examination 
includes patient lifestyle, personal health examination, pre- 
scribed medication for any diseases and health evaluation. 
It is also important to note that clients who need referral 
and consultation records should refer to a doctor for record 
filling as all service records are collected and filed in the 
responsibility of medical personnel or archivists promptly. 
They” have also mentioned in the research that paper health 
records would gradually be transferred to an EHR thus, mak- 
ing the contents of an EHR much more diverse. 





Looking back from a point in history, it is seen that develop- 
ing countries in the West are reducing costs and improving 
service quality together with efficiency from the perspective 
of informatization. This is due to the core of information 
technology is efficiency and sharing. Hence, the interconnec- 
tion of medical information would result in improvements in 
patient satisfaction, reduction in both personal burdens and 
financial burdens of governments. This 1s proven in Canada 
where a cumulative income of C$19.2 billion measured from 
Canadian residents and health care system which is around 
C$3 billion in 2016. This is where EHR health services in 
Canada has doubled with 500,000 medical staffs benefitting 
from digital health such as the reduction in time costs, re- 
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peated testing avoidance and adverse drug reaction reduc- 
tion. Medical doctors would also benefit with available visu- 
als on 100% diagnose images, 72% prescriptions and 97% 
test results to provide strong support for clinical decision 
making”. Based on this research, the developer is positive 
that the development of Secure MedRecord would be ben- 
eficial to allow for the tangible and intangible benefits to be 
obtainable which was specified in chapter 1 of this report. 
It is positive that the development of Secure MedRecord’s 
web application will be beneficial towards the medical target 
users. 











Next, EHR is written by medical health professionals and 
where most patient data are found. These records capture the 
status of patients across time and are very valuable in diag- 
nosis. Medical codes, such as ICD-9-CM are assigned to a 
patient’s report after a treatment to serve as a justification to 
prove that the said treatments were carried out". Failure in 
assigning the codes correct would represent a loss in revenue 
and risk constitution of fraud. Thus, carried!’ out research 
to automate the ICD-9-CM medical coding into electronic 
clinical reports. As a background, Clinical text has no neatly 
defined structure as it can be the patient’s description, per- 
sonal and family medical history or remarks made by the 
physician. Hence, lengths of reports would vary in sessions. 
The researchers also mentioned that EHR software is usually 
form-based (“suggested causes”, “symptoms”, “suggested 
treatment”) thus result in thematically well-defined short 
sentences in each form’s field. This causes physicians to ig- 
nore certain form structure, use free form data entry fields or 
worst, misuse any other form entries which would cause a 
downgrade in information quality. It 1s also found that physi- 
cians alter his/her writing depending on the if the writing is 
going to be read by other parties’. As an example, a typical 
consultation report would not be written in a clear commu- 
nication format compared to a report which will be sent to 
another physician for reference. The non-clear communica- 
tion report may consist of telegraphic phrases, abbreviations, 
acronyms or local dialectal shorthand phrases which would 
confuse. Abbreviation “RA” can stand for 25 different mean- 
ings such as “rheumatoid arthritis”, “radioactive” or “rag- 
weed antigen”. 








As a result, the researchers aim to automate assigning of 
ICD-9-CM code to patient reports to help lower the limi- 
tations of EHR and provide artificial neural network-based 
models for effective labelling. Based on the results, the ex- 
periment conduct by the researchers appears to be good. 
Codes which are associated with patients report would also 
have sequence number assigned. Thus, are finding a method 
to factor in sequence number into the models and evaluation 
methods to help improve their system to work efficiently on 
the task at hand. Based on the journal, the developers under- 
stood the various nature of EHR which needs to be tackled 
in the development of Secure MedRecord. Designing form 











inputs for medical practitioners would need to be done in 
a way where standards could be applied. It is ideal for free 
form fields to be designed for the universal usage of record- 
ing a patient’s information rather than restricting each field 
for their special purposes. This would follow a traditional ap- 
proach in the documentation where clinical physicians write 
their patient’s report on a blank piece of paper which 1s at- 
tached in a patient’s medical folder. 


In terms of medication reminders which would be a feature 
of Secure MedRecord, a journal has been reviewed by the 
developer. “Don’t Forget Your Pill!” which is a design inef- 
fective medication reminder apps which support user’s daily 
routine !8. The journal which was conducted by the research- 
ers reports the findings of the functionality review conducted 
on 229 medication reminder apps and the analysis of 1012 
user reviews. It is found that medication regimes are habitual 
and the daily routine of patients would support in remember- 
ing while most existing reminder apps rely on timer-based 
reminders. Medication non-adherence would reduce the ef- 
fectiveness of treatment and post-financial burden on health 
care systems’*. An estimated cost in non-adherence reaches 
an estimate of $100 billion each year in the United States 
which include 10% of hospitals and 23% of nursing home 
admissions. However, it is also an issue where even motivat- 
ed people can forget which is one of the main causes where 
forgetfulness accounts for 30% of unintentional non-adher- 
ence. The researchers have made two main contributions 
where they have reviewed the functionality of smartphone 
medication reminder apps and highlighted the weakness of 
the apps. Other than that, a proposed design requirement 
which takes into account the habitual nature of medication 
regimes for the development of reminder apps. Remember- 
ing medication consumption is a prospective memory task 
which is divided into two types which are time-based (com- 
pleted within specific time) and event-based (linked to the 
event or environment). An online survey was conducted to 
explore strategies in remembering medicinal consumption 
whereby 61% answered that it is part of their daily routine. 
Common causes in non-adherence were 54% having changes 
in daily routine, 47% being busy or distracted and 46% were 
simply forgetful'®. 




















Medication reminder app would allow users to enter multi- 
ple medications needed for consuming, show due times, con- 
sumption instructions and highlight overdue doses. Based on 
the survey conducted by the researcher, nearly 97% of the 
apps identified in smartphone platforms were timer-based 
reminders. Reminder apps are categorized into 3 types 
which are Simple Medication Reminders (SMR), Advanced 
Medication Reminders (AMR) and Medication Management 
Apps (MMA). SMR offers the basic function to support 
prospective memory such as scheduling, alerts and sound. 
AMR offers options in prospective and retrospective mem- 
ory such as overdosing protection, time zone supports and 
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user notes whereas MMA support health and medication re- 
gimes with multiple user accounts. With that, the developer 
would utilize SMR as the preferred type of reminder feature 
to be implemented into Secure MedRecord. This is due to it 
being a side feature to accommodate user effectiveness in 
medication adherence following their medical documents. 
It is also duly noted that most applications available in the 
smartphone store are time-based reminders thus the devel- 
oper would adhere to the standards to allow for the easier 
recollection of usage based on the other applications for the 
convenience of target users. 














Medical documents are subjected to strict security concerns. 
It has been a renewed interest to find solutions in the privacy 
of health records due to how the records are easily accessed 
by healthcare providers'. An important aspect to healthcare 
delivery is the easy access to patient’s health information 
which should be strictly regulated and monitored due to its 
sensitivity. Hospitals face challenges in missing of files or 
records, lack of information sharing, insecure records and 
inaccessibility in patient’s health information. This would 
affect the need for conducting an informed health decision 
by the medical practitioners. There are also concerns raised 
such as privacy, data breaches and medical identity theft as- 
sociated with medical information. The challenges are faced 
due to the domination of continuous usage of paper in health- 
care delivery. There is a need in health information manage- 
ment system for easy storage and access of medical record 
for informed decisions to be made by medical practitioners'. 
The researcher has suggested Blockchain technology to be 
used as an approach for accessibility of information while 
reassuring the security of the private information at all time 
with authentication for preventing unauthorized viewing 
thus addressing data security and privacy. This is because 
although the manual system is still used for decision making 
and medication management, the paper-based system fails to 
assure the availability of records for viewing and retrieval. 


With the challenges faced by manual systems which were 
confirmed in the interview where respondents are not sat- 
isfied with current situations, electronic records would ide- 
ally be used to solve certain challenges and minimize the 
problems undergone by manual and traditional methods. It 1s 
found that reduction in memory strain of medical practition- 
ers, improved effectiveness and efficiency in healthcare and 
increased accountability in health support’. This also allows 
for the reduction in medical errors, redundant service, better 
clinical decisions and coordination on service delivery due 
to easily accessible and retrieval of information for health- 
care providers. Due to the regards of security and privacy, 
the developer of Secure MedRecord would integrate certain 
security features such as hashing,’ factor- authentication, 
cloud deployment and server logging to allow for a secure 
web application to be built. However, due to the limitation 
in technical skills and time in development, Blockchain im- 








plementation will not be accomplished in this iteration of the 
application. A future version of the application may adopt 
Blockchain technology. 


The study conducted by Ibrahim, Z. et al.? attributes the lack 
in quantitative follow up in reluctance of clinicians treating 
their patients which active schedules incline physicians to 
use insufficient descriptions of cases which results in low- 
er quality of care. As patient records are confidential, the 
studies are burdened with delays in obtaining consent and 
approvals from patients. Strict rules prohibit other parties 
which are not directly involved in the treatment to view the 
records and patients which tend to visit several healthcare 
providers during their treatment would distribute their medi- 
cal documents to the different organization each with their 
own rules, regulations and protocols and policies. Hence,’ 
aims to provide a multi-agent platform for convenient con- 
trol of feedback provision of patients to allow effective con- 
sent to be given for information access. Objectives of the 
multi-agent platform provide an online tool for patients to 
provide treatment regardless of the location of treatment of 
one or healthcare institutions’. Another objective is to reduce 
cost with the automation of obtaining patient consents in re- 
al-time. It is found that the healthcare system mostly requires 
the collection and management of heterogeneous data which 
ranges from clinical notes to medical information found on 
the web and medical ontologies/concepts. 





To address the diversity of terminologies and languages uti- 
lized in the management of electronic patient records, the 
researchers have created an ontology-driven model to serve 
common languages understood by all agents created in the 
system which will be illustrated in Figure 1. 
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Figure 1: Agent Class Diagram’. 


Initial analysis conducted by the researchers uncover issues 
comprising of security which are the confidential nature of 
patient records where manipulation and transportation of 
records are proven challenging to realize. Patients have the 
right to provide consent to other medical practitioners out- 
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side of the hospital to see the treatment information. This 
article was studied by the developer due to its nature in pa- 
tient consent to allow for a clearer idea in the development 
of Secure MedRecord. As the aim of the development is to 
provide a user-friendly web application for users to utilize 
to keep a copy of their medical record, the developer would 
allow for a concept less design to be implemented to allow 
common language to be understood by all parties of the web 
application. Due to the variety of rules and regulations avail- 
able in a different healthcare institution, the developer would 
adhere to the standards which are applied in Malaysia from 
the Ministry of Health for the overall flexibility in Secure 
MedRecord. 














Another ontology-based or concept-based system due to the 
cost in the development of an EHR is greatly increasing from 
the difficulty in handling of clinical concepts, temporal data, 
documents and financial transactions’. At the same time, this 
increases the risk in the failure rate of implementation which 
threatens the investments in the sector. Ontology-based sys- 
tem help in allowing code reuse, extensions and customiza- 
tions which would reduce the development cost. At present, 
EHR offers web-based support with the sharing of records 
across establishments’. However, constant efforts are made 
to introduce this technology in Egypt for practical usage. 
Ontologies or concepts have been used widely in health care 
modelling, automation and research to achieve desirable out- 
comes. The requirement in an effective EHR is standardiza- 
tion, data quality, reference domain knowledge and user in- 
terface’. Data quality helps improve decision making, boost 
user confidence of data which encourage further usage and 
allow for data consistency for better statistics and results. 
The user interface, on the other hand, is important due to 
the management and time take to view results and process 
the results. To allow for standardization, the employment of 
ontological modelling was done. 








Ontologies Domains 









Knowledge 
Domain 


DS 


(Net Beans) 






PQL & Query) | Rule & WorkFlow 
Optimzier Engine 


Figure 2: Proposed EHR solution”. 
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The approach done by the researcher to develop the pro- 
posed EHR is with the usage of software factories to as- 
sociate with shorter development times, cost reduction and 
maintainable code. This is illustrated in Figure 2. The persis- 


tent layer underwent is based on a relational database model 
which support MySQL, PostgreSQL and Oracle database 
engines which allow for persistence or perseverance. With 
the constant effort undergo to introduce EHR in Egypt, the 
developer is certain that Secure MedRecord will be an ef- 
fective web application which can be used by target users in 
Malaysia. The developer will incorporate the 4 requirements 
of effective EHR into the design of Secure MedRecord for 
effective development together with the usage of relational 
database model of PostgreSQL which is clearly defined in 
the materials and methods of chapter 3. 











MATERIALS AND METHODS 


Programming Language Chosen 

Secure MedRecord is a web application designed to be run 
with the user device’s web browser. Hence suitable web 
programming languages will need to be chosen. In terms of 
design and structure of the website, a combination of both 
HTML (Hypertext Markup Language) and CSS (Cascading 
Style Sheet) will be utilized as they are core technologies 
in building web pages. HTML will assist in providing the 
structure of the page whereas CSS would assist in the visual 
layout and presentation for the variety of devices. 














Next, functionalities and user experience of the web appli- 
cation would need to be implemented with the help of pro- 
gramming language for the manipulation of data. A compari- 
son of programming language for this would be created by 
the developer in the following section, Table 1. 





Table 1: Comparison between JavaScript and C# 


Language JavaScript C# 

Type Object-oriented Type-safe object- 
oriented 

Static Typing Dynamic Static 

Platform Cross-platform Cross-platform com- 


compatible patible 


Generic Support No generic support Has generic support 


Framework Supports various Supports .Net frame- 
framework work 

Versatility Very versatile Very versatile 

Complexity Less complex in More complex 
understanding 

Querying Separate libraries | Has LINQ, powerful 
for native querying .NET component for 

native querying 
Scope Limited scope Robust language 


Based on the comparison Table 3.1.1, it is seen that C# is 
much more of a suitable choice for development. This 1s 
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due to the language syntax of C# 1s much consistent when 
compared to plain JavaScript with the usability of between 
beginners and expert developers. Hence, the developer has 
chosen to use C# as the main language chosen for the devel- 
opment of Secure MedRecord. 








Next, C# is also utilized in various applications. Being very 
versatile in its versatility, C# is often used in the creation of 
dynamic websites due to its object-oriented, efficient, eas- 
ily scalable and maintainable. It is utilized by big companies 
such as Microsoft and Stack Overflow. Thus, being cross- 
platform compatible for development of full-grown web ap- 
plication for the benefit of the developer in developing Se- 
cure MedRecord. 





Programming Framework 


ASP.NET Core 

With the chosen programming language of C#, Microsoft’s 
ASP .NET Core framework is chosen to be utilized for the 
development of Secure MedRecord. It is a cross-platform, 
open-source framework for high-performance development 
of modern, interconnected web applications with cloud- 
based utilities”. 








Based on the development of Secure MedRecord, the ben- 
efits of utilizing ASP .NET Core are: 


1. Architected for testability. 
Coding page-focused scenarios 
through Razor Pages. 

3. Develop to be run on Windows, macOS and Linux. 

Community-focused and open-source. 

5. Integration of modern development workflow and 
client-side frameworks. 

6. Cloud-ready, environment-based configuration sys- 
tem. 

7. High performance, lightweight and modular HTTP re- 
quest pipeline. 

8. Tooling to simplify modern web development. 


Based on the utilization of ASP .NET Core, MVC (Models, 
Views Controllers) features will be used. This is to obtain 
the benefits which were listed by undertaking ASP .NET 
Core framework in the development of the web applica- 
tion. Libraries which are supported in the framework targets 
.NET Framework libraries. Advantages of these are cross- 
platform, improved performance, side-by-side versioning, 
open-source and new APIs. However, the disadvantage of 
this framework is the vendor lock-in through a Microsoft 
ecosystem. Technologies needed would need Microsoft Vis- 
ual Studio and other Microsoft services to operate the web 
application efficiently. 


for productivity 


a 





Nevertheless, with the abundance of benefits and resources 
able to be provided through the utilization of C# program- 
ming language and ASP .NET Core framework, the devel- 





oper will be able to utilize the key benefits from a Microsoft 
ecosystem to develop, run and build the Secure MedRecord 
web application for the usage of its objectives. Integration 
of the web application with cloud services is also easy and 
possible with Microsoft Azure cloud platform through the 
implementation of ASP .NET Core and the Microsoft eco- 
system. Thus, obtaining availability, scalability and resilien- 
cy from the cloud, and security from the SLA of the cloud 
provider. Further security implementations are mentioned in 
the following sections of this documentation. 





IDE (Interactive Development Environment) 

An IDE is a software suite utilized to consolidate the ba- 
sic tools necessary to write and test a system or software. 
The chosen IDE which will be used to develop Secure Me- 
dRecord is Microsoft Visual Studio Community 2019. Mi- 
crosoft Visual Studio is an IDE developed by Microsoft to 
allow for the development of applications for Android, Mac, 
iOS, Windows, web and cloud!’. Main advantages and fea- 
tures of Visual Studio are easy debugging and diagnosis, 
frequent testing and release, customizable, and efficient col- 
laboration enabled. 








Figure 3: Microsoft Visual Studio user interface". 


Figure 3 above illustrates the user interface of Microsoft 
Visual Studio where the solution explorer which contains all 
related files to the project can be seen on the right tab of 
the page. Figure 4, on the other hand, illustrates the various 
packages and extensions available to be downloaded using 
the NuGet package manager. 





Figure 4: Nuget Package Manager. 


Microsoft Visual Studio was also chosen with its benefit of 
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enabling cloud connection to be integrated easily. As Visual 
Studio is part of Microsoft, seamless integration and fea- 
tures to connect with Microsoft Azure are enabled in the IDE 
through the cloud-connected development environment. 
Thus, developers are given the advantage to stay up to date, 
code efficiently with built-in features and collaborate eas- 
ily”. 


Libraries/Tools chosen 


Rotativa 

Rotativa is an open-source package which enables the gen- 
eration or printing of PDF documents from web applications 
of the database. It is a library which contains the framework 
and web kit engine to help render HTML”. Through the us- 
age of Rotativa, it enables for Secure MedRecord to return 
certain specified URL as PDF. Thus, enabling users to down- 
load a copy of their medical record or their medical card 
which will contain the medical information needed by the 
users. It is also worth to note that the PDF downloaded will 
contain watermark which represents its authenticity. 





Benefits of Rotativa includes easy and efficient where in- 
stallations are not needed. Thus, access rights or hosting re- 
strictions are prevented. Libraries are available to be used 
immediately for the creation of PDF with one line of code or 
a simple HTTP JSON call.! Performance and reliability are 
also guaranteed with rotative implementing cloud computa- 
tion power. Lastly, rotative allows for control where PDF ac- 
tivity is monitored by the user itself. 





Google reCAPTCHA 

Google reCAPTCHA is a free service from Google to pre- 
vent application against spam and some other types of auto- 
mated abuse such as brute-forcing to crack passwords with 
automated script or bots*. The library and tool are utilized 
in Secure MedRecord to further strengthen the security of 
the web application. This would help in minimizing abusive 
traffic by returning scores based on user interaction on the 
website. There is three versions of reCAPTCHA with the de- 
veloper using reCAPTCHA v3 in Secure MedRecord’s login 
and register pages. This is chosen due to its main advantage 
of not having user interactions to complete challenges to be 
necessary. The 3 main advantage of reCAPTCHA is the ad- 
vance security which protects against spam and abuse, ease 
of usage to minimize friction and effortless interactions for 
users, and creation of value which applies human bandwidth 
to benefit everyone’. 











Microsoft Azure Storage 

Having the benefits such as high availability and durability, 
secure, scalable, managed and accessible, Azure Storage 1s 
Microsoft’s cloud solution modern data storage scenarios". 
These benefits are obtained through the usage of Blob and 





Table storage for Secure MedRecord web application. Ta- 
ble Storage is chosen to be utilized in Secure MedRecord 
for the storage of user medical symptoms. This is due to the 
common uses of Table storage of storing structured data for 
web-scale application and quick querying of data from the 
storage. It is ideal for structured, non-relational data'*. Medi- 
cal symptoms are defaulted to be abundant in its use case. 
Thus, to conduct efficient filtering and querying of the data, 
Table storage is suitable to be implemented. This is due to 
the information contained within the symptoms are to be cat- 
egorized based on their specific categories. These categories 
are set to be the partition key of each table row which will 
be efficient for filtering through Partition Scan which uses 
the PartitionKey and another non-key property for query- 
ing. Thus, facilitating better adaptability to utilize filtering 
of data based on partition keys. 








Blob storage is utilized in Secure MedRecord for the stor- 
ing of doctor files which contain their medical practitioner 
license. It is implemented in Secure MedRecord as it is an 
object storage solution. It is developed to provide storage for 
a huge amount of unstructured data such as binary or text 
data. Blob storage is ideal for serving and storing of files, 
images and documents for distributed access directly to the 
browser.'’ Other than that, Blob storage enables the files to 
be accessed anywhere from HTTP or HTTPS. Thus, Blob 
storage is utilized in Secure MedRecord for efficient file 
storage to store doctor medical license files. 








Database Management System Chosen 

A database management system (DBMS) is a software de- 
signed to assist in defining, manipulating, managing and 
retrieving data in a database. General manipulation of data 
such as data format, field names, file structure and record 
structure will be done by a DBMS together with the defini- 
tion of rules to manipulate and validate data. Examples of 
DBMS available are MySQL, PostgreSQL and Microsoft 
SQL Server Database. 


Comparison of DBMS: 

MySQL is a popular open-source relational database which 
has proven its performance, reliability and user-friendliness. 
It is used by high profile companies such as Facebook, Twit- 
ter and YouTube. PostgreSQL, on the other hand, is an open- 
source object-relational database which comes with features 
like data indexing, user configuration settings, version con- 
trol and NoSQL (“not only SQL”) databases which gives it a 
special advantage. Companies such as Apple, Skype and Cis- 
co utilize PostgreSQL. Lastly, Microsoft SQL Server Data- 
base is a relational database management system developed 
by Microsoft with features of data analysis, data encryption, 
end-to-end business intelligence and more. It 1s currently be- 
ing utilized by well-established companies such as J.P Mor- 
gan, Accenture, MIT and Dell. 
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Figure 5: DBMS Engine Ranking score? 


Based on the Engine Ranking score in Figure 5 which 1s the 
ranking of DBMS based on popularity and user adoption, 
PostgreSQL is gaining popularity with PostgreSQL being 
adopted consistently over the past year with both MySQL 
and Microsoft SQL Server maintaining in their popularity, 
Table 2. 


Table 2: Comparison between MySQL, PostgreSQL 
and Microsoft SQL 


DBMS MySQL PostgreSQL Microsoft 





SOL 


Engine Ranking 1346.11, over- 369.44, over- 1093.75, 
Score allrankis2 allrankis4 overall rank 
is 3 
XML & Data Yes Yes Yes 
Scheme support 
Native Clibrary Nosupport Support Support 
Work Perfor- Not too well Works best Robust with 
mance in heavy load in systems compres- 
strain and execute sionand 
complex partitioning 
queries features 
CHECK con- No Yes Yes 
straint 
Partial Indexes No Yes Yes 
Materialized No Yes Yes 
Views 
Array DataType No Yes Yes 
Cloud storage Yes Yes Yes 





Based on the comparison of Table 3.4.1 above, the developer 
has decided to choose Microsoft SQL Server Database as the 
preferred DBMS in the development of Secure MedRecord 
due to its advantages in certain feature availability and 
data protection. According to Microsoft *, Microsoft SQL 
provides data integrity with its advanced security as men- 
tioned by the National Institute of Standards and Technology 
(NIST). MySQL and PostgreSQL, on the other hand, require 
the server to be set to strict SQL mode else the value which 
is inserted and updated will not be adjusted properly. Other 
than that, Microsoft Azure SQL Database which 1s Microsoft 








SQL Server cloud engine offers cloud hosting and file stor- 
age for better data availability and security which is needed 
in the requirements of Secure MedRecord. Azure SQL has 
availability of 99.995% with advanced data security of al- 
ways encrypted, compliance assured with built-in auditing, 
insights with Azure Security Center and Multi-layered secu- 
rity’. Hence, Microsoft SQL Server is much preferred by the 
developer with its extra cloud storage utilities and security 
features offered. 





Operating System Chosen 

The chosen operating system which will be utilized by the 
developer in the creation of Secure MedRecord record 1s 
Windows. This is due to Secure MedRecord is targeted to 
be developed into a web application which will be supported 
on the web browsers of target users. The Windows version 
of choice is Windows 10 with a 64-Bit architecture. This 1s 
mainly because it is the most updated Windows operating 
system currently in the market. In terms of security, Win- 
dows 10 inherits a multitude of security including built-in 
antivirus called Windows Defender. It contains Secure Boot, 
Device Guard, Microsoft Passport and Windows Hello which 
are security features for both access control and system uti- 
lization. Windows 10 also has an addition of ransomware 
protection together with exploit/threat protection. 











Web Server Chosen 

A web server serves files which would form web pages to us- 
ers which are also known as a client which request for the file 
based on the HTTP (Hypertext Transfer Protocol). This is 
known as the client/server model. If a web server was to face 
interruption, users would not be able to access the web pages 
hence resulting in a denial of service. In this case, this would 
be inconvenient due to the nature of medical documents be- 
ing important. Hence, the developer has chosen to adopt the 
cloud environment with the utilization of cloud supported 
web servers. 











Secure MedRecord will be hosted by Microsoft Azure under 
its cloud web hosting plans which uses the Internet Informa- 
tion Services (IIS). IIS is created by Microsoft for the usage 
of a Windows Server. It enables for the service of standard 
and dynamic HTML webpages such as ASP .NET applica- 
tions or PHP pages. With the SLA of Microsoft cloud provid- 
er, Microsoft Azure enables for greater availability through 
GEO availability and the multiple availabilities and perfor- 
mance testing together with scalability through its scale up 
and scale out services available. Microsoft Azure has a wide 
range of hosting plans which comes in different pricing lists. 





Figure 6 illustrates the pricing comparison of the web host- 
ing plans provided by Microsoft Azure. Secure MedRecord 
is planned to be deployed with the standard production plan 
which can be upgraded to different tiers upon workload re- 
quests. 
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Figure 6: Azure Web Hosting Prices? 


Web Browser Chosen 

A web browser is a software program which allows for us- 
ers to locate, access and load web pages into their devices. 
Secure MedRecord is a web application which would utilize 
web browsers and technology to perform its task over the in- 
ternet. A web application performs its task with the combina- 
tion of server-side scripts to handle storage and retrieving of 
information together with client-side scripts to then present 
the information to the users of the web application’. Thus, 
presenting of the information will utilize the availability of a 
web browser in the user’s devices. 














In the development of Secure MedRecord, the developer has 
chosen to focus on two widely used web browser which are 
Firefox from Mozilla and Google Chrome. The develop has 
chosen to utilize Google Chrome as the primary web brows- 
er. The following information is the comparison between 
Firefox and Google Chrome. 


a 








Figure 7: Comparison of Firefox (top) and Google Chrome 
(bottom) design. 


In terms of design, Figure 7 illustrates the web browsers hav- 
ing a similar style of headers. However, Firefox is deemed 
much more user friendly due to the bigger back and forward 
buttons, customizable menu bars and simpler setting options 
available for users to configure. Google Chrome, however, 
does not have a customize toolbar option available for users 
which can be seen in Figure 8 below. 





Figure 8: Customize option in Firefox. 


Benchmarking: 

Evaluation of the performance and capabilities of the web 
browser can be done through the performance testing which 
is done by using synthetic benchmarking software®. The 
benchmarks would test the time taken in loading, perfor- 
mance rendering and standard support in the chosen web 
browsers. Figure 9 below illustrates the benchmark test con- 
ducted with 5 different synthetic benchmarks. 






Basemark 


Octane 2 (x100) 





Speedometer 


JetStream 





190.26 
MotionMark 


o 
g 
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Figure 9: Benchmark performance of Firefox and Google 
Chrome®.. 


Based on the scale shown in Figure 10 it is shown that Goog- 
le Chrome is performing better than Firefox. 


Modern Standards Support 

Web standards are technologies which are set out by World 
Wide Web Consortium (W3C) which would define coding 
and interpretation of the web. These standards assist the in- 
teroperability and cross-compatibility between web brows- 
ers and server®. A test which is conducted towards Firefox 
and Google Chrome with the utilization of HTMLSTest. 
com which would help measure the 555 standards shows 
that Firefox supports 473 web standards whereas Google 
Chrome support 481 standards out of the total of 555 stand- 
ards available. Hence, Google chrome is much beneficial in 
supporting modern standards support. However, this does 
not translate much different when compared with Firefox 
in terms of practical use. The test is illustrated in Figure 
10 below. 


In terms of memory or RAM, which 1s essential for quick 
access of application, more RAM or memory usage would 
slow the computer down. In the test, Figure 11 illustrates 
Firefox consuming more RAM than Google Chrome hence 
slowing users computer down. 


With the comparisons made of both Firefox and Google 
Chrome, it is shown that Google Chrome has a better advan- 
tage overall. Thus, the developer has chosen to utilize and 
focus on the deployment of Secure MedRecord on Google 
Chrome with its advantages. However, Secure MedRecord 
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would also support the running of the system with another 
web browser such as Firefox and Microsoft Edge with the 
primary target web browser of choice being Google Chrome. 


HTML [5] TEST 





You are using Firefox 69.0 on Windows 10 


HTML [=] TEST 


your browser 


40] 


You are using Chrome Dev 77.0.3865.90 on Windows 10 
Figure 10: HTML5Test.com on Firefox and Google Chrome. 


Memory: 


{S Task Manager = o x 
File Options View 


Processes Performance App history Startup Users Details Services 





24% ~ 42% 1% 0% 

Name Status CPU Memory Disk Network 
@ Firefox (7) 49% 1,6981MB  0.1MB/s 0.1 Mbps A 

> © Google Chrome (28) 2.0% 1,3293MB  0.1MB/s 0.1 Mbps 


Figure 11: Memory test of Firefox and Google Chrome. 


Deliverables 

The electronic health system — Secure MedRecord allows 
users to carry a softcopy of their medical documents with 
them daily provided they have a device with them. With the 
use of this system, users can conveniently visit other clin- 
ics or hospitals with ease as the doctors of the newly visited 
health service has access to their medical documents base on 
the patient’s consent. Other than that, medical staff would be 
able to export their patients’ medical data to enable softcopy 
storage to be available. Next, the system enables the medi- 
cal staff to process the patients’ data efficiently as the less 
manual filing of medical information will need to be done. 
Below are the lists of core functions to be performable by the 





electronic health system: 


e Allows end-users to login and logout of the system. 

e Allows medical staff to create the patients’ medical 
documents within the system. 

e Allows medical staff to update their patients’ medical 
documents in the system. 

e Allows patients to view their medical documents. 

e Allows patients to download their medical documents. 

e Allows the patients’ new medical staff to view their 
medical document with consent. 


Also, the extra features of the system are: 


e Allow patients to submit a request for an additional 
medical report to be created by their health providers. 

e Allow patients to schedule for an appointment with 
their clinical health providers. 

e Allow patients to store their emergency medical infor- 
mation such as blood type, medication, allergies and 
emergency number via a medical card. 

e Allow patients to store their medical symptoms as a 
note before a consultation. 


RESULTS AND DISCUSSION 


User Acceptance Testing Result Analysis 


Interface Design 

Figure 12 above illustrates the results for the interface design 
category of the UAT. Based on the results obtained from 3 
users, 2 of the users gave a 5-point rating whereas 1 user 
gave a 4-point rating. The results specify that users are satis- 
fied with the interface which minor room for improvement 
in future updates. 


Interface Design (GUI) 


3 responses 








Figure 12: Interface Design UAT results. 
Meeting Objectives 


Meeting Objectives 
3 responses 








Figure 13: Meeting Objective UAT results. 
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Figure 13 illustrates the meeting of objectives of the project 
UAT results. The objectives of the project are specified in 
Chapter | under section 1.6 Scope and Objectives. Based on 
the stated objectives, all 3 users agree that the developer has 
fulfilled the objectives by responding with a 5-point rating 
of very good. 








System Validation 


System Validation 
3 responses 





Figure 14: System Validation UAT results. 


Figure 14 illustrates the system validation UAT results of Se- 
cure MedRecord. Based on the results, 2 users gave the score 
of 4 which is good, and 1 user gave the score of 3 which is 
average. This shows that there 1s room for improvement in 
the web application’s system validation section which is the 
admin and user side functionality. 


Maintainability 


Maintainability 
3 responses 


2 











Figure 15: Maintainability UAT results. 


Figure 15 illustrates the maintainability UAT results of Se- 
cure MedRecord. Based on the result, 2 users gave the score 
of 4 which is good, and 1 user gave the score of 3 which is 
average. This shows that there is room for improvement in 
the web application’s system maintainability function. Im- 
provements of the web application can be available in future 
iterations of the product. 


Figure 16 illustrates free from bugs UAT results of Se- 
cure MedRecord. Based on the result, all 3 users gave the 
score of 4 which is good. This is due to minor bug issues 
during the generation of PDF file and login validation 
which surfaces from time to time due to the library and 
reCAPTCHA verifications. With that, there is minor room 
for improvement in the web application’s system where 


the minor bugs can be a patch in future updates of the web 
application. 


Free from Bugs 


Free From Bugs 
3 responses 


3 (100%) 





Figure 16: Free from Bugs UAT results. 


Feedback from Testers 

Based on the feedbacks obtained from the 3 participants 
of the UAT from the 3 forms, 2 users gave feedbacks on 
the routing of the webpage to create a much more efficient 
usage process. Next, additional search features could be 
implemented to facilitate better maintainability of the in- 
formation found in each function of Secure MedRecord. 
Lastly, additional features were recommended by the 3 
participant where extra fields can be added into the form 
during the creation of medical record to facilitate doctor 
friendly and accurate creation of the medical record for 
their patients. These features are taken into consideration 
for future iterations of the web application by the devel- 
oper. 





To summarized, results obtained from the 3-testing method 
conducted by the developer upon completion of the im- 
plementation stage which is unit, integration and user ac- 
ceptance testing are discussed. Unit testing of Secure Me- 
dRecord was executed based on the test plans created with 
the results showing that the proposed system is validated 
from logical errors. Each sub-processes of each function 
were tested throughout to ensure that the functions are free 
from bugs. Next, in the integration testing stage, interface 
links between the functions are tested. The actual outcomes 
are compared with the expected outcomes of the test plan 
to evaluate the results status of the integration testing. Each 
interface link is tested precisely with the different roles 
available in the web application which are the admin, user 
and doctor respectively. Based on the result statuses ob- 
tained, each result has returned a pass value thus, assur- 
ing that the integration testing is completed successfully. 
Lastly, user acceptance testing was conducted to test the 
ease of using the system on a group of representative users. 
Based on the results obtained, the participants are satisfied 
with the system used with additional feedbacks provided to 
the developer. 
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DISCUSSION 


Critical Evaluation 

Secure MedRecord is a web application system design as a 
solution to increase the availability of medical documents 
and information. It 1s a system designed to allow patients 
to carry a softcopy of their medical documents such as their 
medical card and record with them at all times. Other than 
that, it features the usability of allowing users to save their 
medical symptoms, schedule appointments with their doc- 
tors for medical consultation and send a report request to 
notify their doctors of their needs. The project has outlined 
the problems faced by users of the availability of medical 
documents which may vary in terms of having no softcopy, 
loss of hardcopy due to inefficient storage by the medical 
practitioners or failure to prepare a copy of their medical 
documents beforehand. Other than that, for the creation of 
medical reports, inconveniences can be presented to users 
whereby certain procedures will require a certain amount 
of time to prepare with a minimal amount of fees taken for 
medical practitioners to prepare the medical reports for their 
patients when requested. 














Thus, with the completion of the project through the imple- 
mentation, testing and deployment of Secure MedRecord, 
the aims and objectives presented by the developer has been 
fulfilled. Taking note to the security implementations fea- 
tured in the design of this web application, several security 
features have been successfully implemented to further se- 
cure the web application. Data which concerns the health of 
an individual falls under the special category of personal data 
which also refers to sensitive data. Under the General Data 
Protection Regulation (GDPR) and Personal Data Protection 
Act (PDPA), heavy consequences are issued if a breach in 
data security were to occur. Professional secrecy, referring 
in medical terms as medical confidentiality or the Hippocrat- 
ic Oath prohibits the disclosure of information of patients. 
Thus, data confidentiality is strictly reinforced in this web 
application through the implementation of encryption where 
only authorised parties can access the data. Other than that, 
authentication to ensure proper authorization is implemented 
with proper authentication with additional Two-Factor Au- 
thentication, password hashing and Google reCAPTCHA 
implementation. This is in hopes to incorporate trust between 
patient and doctor while adding a trusting environment of 
Secure MedRecord for users to feel comfortable in utilizing 
the web application for their medical assistant needs. 














To continue, understanding from the feedbacks obtain dur- 
ing the data gathering and analysis stage and testing stage 
of user acceptance testing, the developer understands that 
Secure MedRecord as a web application has room for further 
improvement and growth. With competitors having similar 
concepts which were researched during the literature review 
in this project, the developer understands that Secure Me- 














dRecord will need to evolve to provide better efficiency and 
usability for the general public and doctors to obtain the trust 
and likelihood to adopt the usage of Secure MedRecord. As 
the current system is the first release of the web application, 
the developer wishes to further enhance the system to de- 
velop further improvements in not only the security imple- 
mentation of the system but also the usability of the system 
to match with current systems in the world currently known 
today. 








Lastly, with the modernization of medical practices under- 
gone in today’s world, the developer has positive hopes for 
the adoption of Secure MedRecord in the day to day life of 
users to obtain the benefits and convenience in managing 
their own medical health where their medical information 
are in the reach of their pockets. Thus, minimizing avail- 
ability issues users might phase in their day to day life in 
the event of medical consultations, references, emergencies 
or recalling their medication intake, allergies or symptoms. 
With that, it is concluded that Secure MedRecord, as the de- 
veloper hopes, would allow facilitating convenience in users 
the day to day life with the technology of the cloud, security 
and availability as technology has always been to help users 
overcome problems by providing solutions. 














CONCLUSION 


Much research and development have been done and com- 
pleted by the developer for the completion of the project. 
In the first chapter, the aim and objectives of Secure Me- 
dRecord are clearly defined together with the problem state- 
ment for the reasons for developing the web application. 
Next, domain research is executed together with research in 
similar systems currently available in the market. This is to 
understand the subject matter together with the existing ad- 
vantages and limitations of the systems available for the de- 
velopment of the web application to ensure that it is unique 
and fulfil certain requirements for user adoption. Technical 
research was done in chapter 3 which allows for adequate 
information to be obtained for the development of Secure 
MedRecord. Next, system development methodology was 
compared and chosen for the suitable and effective devel- 
opment of Secure MedRecord which will be followed by 
the developer during the development in the second half of 
the project. The gathering of information through the sur- 
vey with the distribution of questionnaires and analysis of 
information gathered has allowed the developer to gain the 
understanding of users and their requirements for the effec- 
tive development of the project. 

















To continue in the second half of the research has allowed 
for the system architecture design to be illustrated such as the 
abstract architecture and interface design. Based on the de- 
signs, implementations can be made in through the specified 
designs. Chapter 8, on the other hand, explains the features 
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available in Secure MedRecord and the release plans which 
the developer shall follow for proper time management dur- 
ing the development of Secure MedRecord. Next, the testing 
phase of the project development. 














With the specified research conducted, the developer can do 
enough research to investigate the subject matter and obtain 
a vision in specifying what is to be achieved in the second 
half of the project later in the development. This would al- 
low for the fulfilment of the objectives specified by the de- 
veloper to complete the aim of Secure MedRecord. In terms 
of gaps within the research and design of the project, the 
developer wishes to continue doing his best in the security 
implementation of the web application to allow for proper 
usage and security to be obtained for the benefit of users in 
a safe environment. This would require further development 
of technical skills of the developer together with the knowl- 
edge in information system security to be utilized in further 
iterations of Secure MedRecord in the future. 
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